group

The Group object represents a collection or association of entities, such as users, policies, or devices. It serves as a logical grouping mechanism to organize and manage entities with similar characteristics or permissions within a system or organization, including but not limited to purposes of access control.

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Description | desc | String | The group description. |
| Domain | domain | String | The domain where the group is defined. For example: the LDAP or Active Directory domain. |
| Name | name | String | Entity:GROUP_OBJECT_NAME. The group name. |
| Privileges | privileges | String[] | The group privileges. |
| Raw Data | raw_data | JSON | Group:context. The event data as received from the event source. |
| Record ID | record_id | String | Group:primary. Unique identifier for the object. |
| Account Type | type | String | The type of the group or account. |
| Unique ID | uid | String | Entity:GROUP_OBJECT_UID. The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |

Relationships

Group shown in context

Inbound Relationships

These objects and events reference Group in their attributes:

Outbound Relationships

Group references the following objects and events in its attributes:

This page describes ocsf-1.4.0